Pages

Friday, January 27, 2017

Cross vCenter NSX

This blog post provides following about Cross vCenter NSX

Overview

Use Cases

How Cross vCenter NSX works

Sample Topology

Installation and Configuration

Validation

Overview

Pre-NSX 6.2, although NSX provides the flexibility, agility, efficiency and other benefits of network virtualization, the logical networking and security was constrained to the boundaries of one vCenter domain

These Cross-VC NSX objects are called Universal objects. The universal objects are similar to local objects such as distributed logical switches, routers, and firewall except they have universal scope, meaning they can span multiple vCenter instances.

With Cross-VC NSX functionality, in addition to the prior local-site scope objects, users can implement universal objects such as Universal Logical Switches, Universal Logical Routers, and Universal DFW across a multi-vCenter environment that can be within a single data center site or across multiple data center sites.

How Cross vCenter NSX works

In a cross-vCenter NSX environment, you can have multiple vCenter Servers, each of which must be paired with its own NSX Manager. One NSX Manager is assigned the role of primary NSX Manager, and the others are assigned the role of secondary NSX Manager.

The primary NSX Manager is used to deploy a universal controller cluster that provides the control plane for the cross-vCenter NSX environment. The secondary NSX Managers do not have their own controller clusters.

The primary NSX Manager can create universal objects, such as universal logical switches. These objects are synchronized to the secondary NSX Managers by the NSX Universal Synchronization Service. You can view these objects from the secondary NSX Managers, but you cannot edit them there. You must use the primary NSX Manager to manage universal objects. The primary NSX Manager can be used to configure any of the secondary NSX Managers in the environment.

On both primary and secondary NSX Managers, you can create objects that are local to that specific vCenter NSX environment, such as logical switches, and logical (distributed) routers. They will exist only within the vCenter NSX environment in which they were created. They will not be visible on the other NSX Managers in the cross-vCenter NSX environment.

Sample Topology

Installation and Configuration

Key here is that you can start of deploying NSX Managers as standalone and later assign them specific roles i.e. Primary or Secondary

In this blog I will only include details which are specific to Cross VC NSX. I have written detailed blog for standard standalone NSX Setup. You can refer the same http://bit.ly/2fzjKY2

Also in my setup I have both vCenters in Linked Mode. It is not mandatory to have vCenter’s in linked mode however it gives us option to manage it from single pane of glass and linked mode has its own benefits/use cases which can be researched

Procedure

Assign Primary NSX Manger Role

Navigate to Networking and Security via Site A (PROD) vCenter

Click Actions and Select “Assign Primary Role “

NSX Universal Synchronization Service will change status to Running in PROD NSX Manager

Add Secondary Manager

Click Actions and Select “Add Secondary Manager”

It will prompt you for credentials. Please ensure to specify “admin” credentials and Accept the Certificate

You can observe the Role Column added under NSX Managers

Configuring Primary NSX Manager

Following steps needs to be configured on Primary NSX Manager

Adding Universal Controller(s)

You can add controller(s) while it is in standalone role and then later update the controller state after the roles have been assigned so that it replicates Secondary NSX Manager

Segment ID for Primary NSX Manager

Navigate to Segment ID under “Logical Network Preparation”

Notice the Universal Segment ID section

Universal Transport Zone on the Primary NSX Manager

In my lab I only have “Single Cluster” which I will be using hence i will creating single Universal Transport Zone. In Production, you may have multiple Transport Zones and you can have multiple combination of Universal and Local Transport Zones

Please ensure to Check Box where it says "Mark this object for Universal Synchronization"

Universal Logical Switch on the Primary NSX Manager

We need to ensure Logical Switch we create we have to ensure we connect to Universal Transport Zone we created earlier

I will be creating 2 Universal Logical Switches

Universal Transit LS ( DLR will be attached to ESGs which will be deployed 1 per Site)

Universal App LS (VMs will be attached to this)

Universal Logical (Distributed) Router on the Primary NSX Manager

Now we will deploy UDLR and connect it to the Universal Switch we created earlier.

Navigate to NSX Edges section and click “+” If you have deployed NSX Edge on Standalone NSX Manager you would have only seen 2 options

Edge Services Gateway and Logical (Distributed) Router.

After you have enabled Primary for the NSX Manager you can now deploy Universal Logical (Distributed) Router

One key item which I want to highlight is “Enable Local Egress”

Local Egress can be enable on UDLR at the time of deployment only hence it is key to Check or Uncheck as per your design. You can read more about Local Egress